HP Forums
Trojan on X-Philes CD1?


Trojan on X-Philes CD1? - Mark Power - 09-02-2019 04:31 PM

I installed some new AV software today and in a system scan it highlighted PB19.EXE from the X-Philes(*) CD1/HP95 directory as containing a trojan. Does anyone know if this is a genuine or false indication?

As the file is from 1992 and I've no idea what it does, I've deleted it anyway to stop it being copied around my machines and backups.

(*) X-Philes is described in http://faqs.cs.uu.nl/na-dir/hp/hp48-faq/part1.html


RE: Trojan on X-Philes CD1? - rprosperi - 09-02-2019 06:24 PM

(09-02-2019 04:31 PM)Mark Power Wrote:  I installed some new AV software today and in a system scan it highlighted PB19.EXE from the X-Philes(*) CD1/HP95 directory as containing a trojan. Does anyone know if this is a genuine or false indication?

As the file is from 1992 and I've no idea what it does, I've deleted it anyway to stop it being copied around my machines and backups.

(*) X-Philes is described in http://faqs.cs.uu.nl/na-dir/hp/hp48-faq/part1.html

Almost certainly a false positive, but you can upload the file to a site that uses multiple scanners to see what the consensus is. Here's a well-known and easy-to-use site:

https://www.virustotal.com/gui/home/upload

But treat the file carefully when handling, since it is unknown, though more than likely it could not run on your machine anyhow (it's a 16-bit app so too old to run on Win-7, Win-10, etc.)

Did you get this as an .ISO from archive.org? I tried to download that .ISO and my security s/w will not even download it since it's malware infected.

Maybe it's a honey pot to spread malware, though I've not heard of that on archive.org before.


RE: Trojan on X-Philes CD1? - ijabbott - 09-02-2019 10:21 PM

(09-02-2019 06:24 PM)rprosperi Wrote:  
(09-02-2019 04:31 PM)Mark Power Wrote:  I installed some new AV software today and in a system scan it highlighted PB19.EXE from the X-Philes(*) CD1/HP95 directory as containing a trojan. Does anyone know if this is a genuine or false indication?

As the file is from 1992 and I've no idea what it does, I've deleted it anyway to stop it being copied around my machines and backups.

(*) X-Philes is described in http://faqs.cs.uu.nl/na-dir/hp/hp48-faq/part1.html

Almost certainly a false positive, but you can upload the file to a site that uses multiple scanners to see what the consensus is. Here's a well-known and easy-to-use site:

https://www.virustotal.com/gui/home/upload

I just downloaded the pb19.exe file from http://ftp.funet.fi/pub/misc/hp95lx/tools/

and submitted it to VirusTotal for analysis. Here is a link to the results:

https://www.virustotal.com/gui/file/397340ac592515cd98da5e09f786cec03d18f0ee3f5328a538bc71a68e346d95/detection

It gets detected as SillyC.338, SillyC.338 (B), or Trojan.Playback, depending on the engine, but only 6 out of 46 engines detected anything.

SillyC is described as a DOS virus. If it matched a Windows virus it would be easy to call it a false positive. But since it's a 16-bit MS-DOS executable, I'd assume it's a true positive.

Quote: But treat the file carefully when handling, since it is unknown, though more than likely it could not run on your machine anyhow (it's a 16-bit app so too old to run on Win-7, Win-10, etc.)

Don't worry, I used Linux. :)

Quote: Did you get this as an .ISO from archive.org? I tried to download that .ISO and my security s/w will not even download it since it's malware infected.

Maybe it's a honey pot to spread malware, though I've not heard of that on archive.org before.

I'm sure a lot of old CD-ROM images have viruses on them somewhere.
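
Added example, not part of any post in this thread: a static triage helper that hashes a flagged file and reads only its header to tell a plain 16-bit MS-DOS executable from 16-bit NE or 32/64-bit PE, so the file can be looked up by SHA-256 without running or re-uploading it. The function names and sample bytes are constructed for illustration; the lookup URL follows the shape of the VirusTotal link posted above.

```python
import hashlib
import struct
import sys

# URL shape taken from the VirusTotal link in the thread; lookup is by SHA-256.
VT_FILE_URL = "https://www.virustotal.com/gui/file/{}/detection"

def classify_executable(data: bytes) -> str:
    """Classify by header bytes only; the file is never executed or unpacked."""
    if data[:2] not in (b"MZ", b"ZM"):
        return "not-mz"                  # e.g. a DOS .COM image, ELF, or plain data
    if len(data) < 0x40:
        return "dos-mz"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of the newer header, if any
    sig = data[e_lfanew:e_lfanew + 4] if 0x40 <= e_lfanew <= len(data) - 4 else b""
    if sig[:2] == b"NE":
        return "ne16"                    # 16-bit Windows / OS/2 executable
    if sig[:2] in (b"LE", b"LX"):
        return "le-lx"                   # VxD / OS/2 linear executable
    if sig == b"PE\0\0":
        opt = data[e_lfanew + 24:e_lfanew + 26]          # optional-header magic
        magic = struct.unpack("<H", opt)[0] if len(opt) == 2 else 0
        return {0x10B: "pe32", 0x20B: "pe32+"}.get(magic, "pe-unknown")
    return "dos-mz"                      # MZ stub with no newer header: 16-bit MS-DOS

def triage(data: bytes) -> dict:
    digest = hashlib.sha256(data).hexdigest()
    return {"sha256": digest, "kind": classify_executable(data),
            "lookup": VT_FILE_URL.format(digest)}

def _mz_header(e_lfanew: int) -> bytes:
    """Build a constructed 64-byte MZ header for the samples below."""
    hdr = bytearray(0x40)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)
    return bytes(hdr)

# Constructed samples: headers only, no real program code.
SAMPLE_DOS = _mz_header(0) + b"\x90" * 16
SAMPLE_PE32 = _mz_header(0x40) + b"PE\0\0" + bytes(20) + struct.pack("<H", 0x10B)

if __name__ == "__main__":
    if len(sys.argv) > 1:                # triage a file given on the command line
        with open(sys.argv[1], "rb") as fh:
            print(triage(fh.read()))
    else:
        for name, blob in (("dos", SAMPLE_DOS), ("pe32", SAMPLE_PE32)):
            print(name, triage(blob))
```

A "dos-mz" or "ne16" result means the file needs a 16-bit environment to execute; the header check says nothing about whether the detection itself is genuine.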